Hi, I`m quite sure, I have verified it in a small test Flow. A propert to set
the do_validate flag to false would be helpful in this case. Regards, Lj
På fre, jan. 2019 klockan 0:05, Otto Fowler<ottobackwa...@gmail.com> skrev:
#yiv4068205678 body{font-family:Helvetica, Arial;font-size:13px;}Can I ask how
you are sure it is the message size that is causing the error? The parser
returns null for any error parsing, so the processor doesn’t know what
happened. It could be that the message didn’t validate, or something else.
If the issues _is_ with the validator, then we could allow a property to
optionally call the parser with the do validate flag to false.
Maybe you can create a jira with a sanitized example line that causes the error?
On January 3, 2019 at 15:13:14, Felix McPherson (ljungpip...@yahoo.se) wrote:
Hi,
I'musing the ParseCEF processor to parse CEF message to Json
format.Unfortunately the ParseCEF processor fails for message/events thatholds
a string in the Msg field that has more than 1023 character.According to the
CEF standard the Msg field in an event shall notexceed 1023 character. The
PARSECEF fails with:
"Error
ParseCEF[id=...] Failed to parse...
...as a CEF message; it does not conform to the CEF standard;routing to failure.
Any ideas on a workaround for this problem? I would prefer nothaving to remove
character in the Msg field string.
Regards,lj
